How could automation prevent a future WannaCry?
Date published: 15 Jun 2017
The sophisticated weaponised tool originated from stolen code developed by America’s National Security Agency (NSA) and was released by a group called ShadowBrokers. It was then repurposed by another group and finally turned into malware by a third group. This is the equivalent of stolen self-guiding missiles being modified and circulated among third parties at public auctions.
As the black market is flooded with autonomous cyber-attack tools, security issues are exacerbated further by a shortage of skilled cyber security workers; a new report reveals that there will soon be 350,000 unfilled cyber security vacancies in Europe alone.
Perhaps ironically, the solution may be inherent in the nature of the problem itself.
Evolution of black market intelligence
WannaCry illustrates the continuing evolution and intelligence of black market software automation tools. Defending against this requires us to develop intelligent software capable of replicating the work of skilled human cyber defenders at a speed and scale that is beyond humans.
Just as intelligent automated hacking tools can now replicate the work of skilled black hat hackers, the latest software can autonomously replicate the work of ‘white hat’ security consultants by analysing a network with the knowledge and inquisitive nature of penetration testers.
This means the software makes intelligent decisions, applies human experience and skills to identify problems, and provides accurate ‘command line’ output that can be used to automate fixes. Crucially, these new systems are targeted, agentless and leave no footprint, so that, unlike scanners, they do not interfere with the running network. Traditional scanners bombard a network with attacks, generating mass network traffic to seek potential vulnerabilities, whereas modern tools use virtual modelling to analyse interactions and identify hidden risk.
The accuracy of virtual modelling also removes the mass of false positives generated through other methodologies; it is the equivalent of a ‘white hat’ going through every line of code to find the interactions and settings that cause inherent security flaws.
Protecting the NHS against future WannaCry attacks
Parts of the NHS are now protected against WannaCry-like attacks by using our Nipper Studio tool to conduct autonomous cyber security ‘audits’ of their systems. They were able to use this intelligence, together with other tools, to ensure preventative measures were in place, successfully protecting themselves against the WannaCry attack.
It’s not just healthcare that can benefit from intelligent automation; other organisations from NATO to Nationwide are now using these automated cyber-defence tools to do the work of skilled human auditors far faster and at a greater scale.
In benchmark tests, Nipper Studio conducted an entire line-by-line audit of 200 Cisco systems in just 2.5 seconds, eliminating significant cost and months of man-hours.
Another advantage to intelligent automated auditing is that machines can see connections between different events, identify problems and react almost instantaneously. For example, if someone appeared to swipe into a building while being logged into a computer in another building, security software could instantly ‘red flag’ this incident and simultaneously disable the door lock and the user account.
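The badge-versus-logon correlation described above can be sketched as follows. This is an added example, not code from Nipper Studio or any product named in this article; the event schemas, the action names and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Session:                # workstation logon record (assumed schema)
    user: str
    building: str
    start: datetime
    end: Optional[datetime]   # None means still logged in
    remote: bool = False      # remote logons say nothing about physical location

@dataclass(frozen=True)
class Swipe:                  # door-controller badge event (assumed schema)
    user: str
    building: str
    door: str
    at: datetime

def conflicts(swipe, sessions):
    """Local sessions of the swiping user that are active in another building."""
    return [s for s in sessions
            if s.user == swipe.user and not s.remote
            and s.building != swipe.building
            and s.start <= swipe.at and (s.end is None or swipe.at < s.end)]

def respond(swipes, sessions):
    """Red-flag each impossible swipe and queue both containment actions."""
    actions = []
    for sw in sorted(swipes, key=lambda e: e.at):
        hits = conflicts(sw, sessions)
        if hits:
            actions += [("red_flag", sw.user, f"badge at {sw.building}, logged in at {hits[0].building}"),
                        ("disable_door_lock", sw.door),      # hypothetical action names
                        ("disable_account", sw.user)]
    return actions

def ts(hhmm):
    return datetime.fromisoformat(f"2017-06-15T{hhmm}:00")

# Constructed sample events, not real logs.
SESSIONS = [Session("alice", "HQ", ts("09:00"), None),
            Session("bob", "HQ", ts("08:30"), ts("12:00")),
            Session("carol", "HQ", ts("09:15"), None, remote=True)]
SWIPES = [Swipe("alice", "HQ", "hq-lobby", ts("09:30")),      # same building: fine
          Swipe("carol", "Annex", "annex-lab", ts("10:00")),  # remote session: fine
          Swipe("alice", "Annex", "annex-main", ts("10:30")), # flagged
          Swipe("bob", "Annex", "annex-main", ts("12:05"))]   # logged out: fine
if __name__ == "__main__":
    print(*respond(SWIPES, SESSIONS), sep="\n")
```

Excluding remote sessions and ended sessions is what keeps this rule from flagging ordinary movement between buildings.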
This offers an exciting model for the future: autonomous “best of breed” tools collaborating to feed intelligence into a central system, creating a vast responsive architecture, a virtual cyber security team capable of anticipating and counteracting dangers with speed, efficiency and accuracy.